Gmail

Aza Raskin, Mozilla Firefox creative lead, demonstrated on his blog a new phishing technique that uses the tabs of the browser. Traditional phishing techniques generally lead a user directly to a malicious web page that impersonates a trusted page, such as an online banking login site, which can then harvest the user’s login information.

The new phishing technique makes use of morphing browser tabs to trick people into giving away login information. If the user leaves the page open in a browser tab and clicks to another tab, the malicious tab changes itself into a replica of the trusted site. It changes the title and the icon displayed on the tab, among other things, Raskin said. In the researcher’s demonstration, the page imitated is the Gmail login page.

The user then might click back onto the malicious tab, mistaking it for the trusted site.

The attack works on major browsers including Firefox, Internet Explorer and Google Chrome; in Firefox it can be partially blocked using the NoScript add-on.
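A defensive sketch of the behaviour described above, as an added example that is not part of the original post or of Raskin's demonstration: it replays a recorded stream of tab events and flags any tab whose title or icon changed while it was in the background. The event shapes, the severity rule and the sample data are assumptions made for illustration.

```javascript
// Assumed event shapes (e.g. recorded by a browser extension):
//   load {title, icon} | hidden | visible | title {value} | icon {value}
function detectTabMorph(events) {
  const tabs = new Map(); // tabId -> { title, icon, baseline }
  const alerts = [];
  for (const ev of events) {
    if (!tabs.has(ev.tabId)) tabs.set(ev.tabId, { title: null, icon: null, baseline: null });
    const tab = tabs.get(ev.tabId);
    switch (ev.type) {
      case 'load': tab.title = ev.title; tab.icon = ev.icon; break;
      case 'title': tab.title = ev.value; break;
      case 'icon': tab.icon = ev.value; break;
      case 'hidden': // snapshot what the user last saw on this tab
        tab.baseline = { title: tab.title, icon: tab.icon };
        break;
      case 'visible': {
        if (!tab.baseline) break;
        const changed = [];
        if (tab.title !== tab.baseline.title) changed.push('title');
        if (tab.icon !== tab.baseline.icon) changed.push('icon');
        // Title-only changes are common (unread counters), so rate them low;
        // title and icon both changing while hidden matches the morphing tab.
        if (changed.length) alerts.push({ tabId: ev.tabId, changed,
          severity: changed.length === 2 ? 'high' : 'low' });
        tab.baseline = null;
        break;
      }
    }
  }
  return alerts;
}

// Constructed sample: tab 1 morphs in the background, tab 2 only bumps a counter.
const SAMPLE_EVENTS = [
  { tabId: 1, type: 'load', title: 'Cat pictures', icon: 'cats.ico' },
  { tabId: 2, type: 'load', title: 'Chat', icon: 'chat.ico' },
  { tabId: 1, type: 'hidden' },
  { tabId: 2, type: 'hidden' },
  { tabId: 1, type: 'title', value: 'Mail - Sign in' },
  { tabId: 1, type: 'icon', value: 'mail.ico' },
  { tabId: 2, type: 'title', value: '(1) Chat' },
  { tabId: 1, type: 'visible' },
  { tabId: 2, type: 'visible' },
];

console.log(JSON.stringify(detectTabMorph(SAMPLE_EVENTS)));
```
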

Since June 2009 Google has been testing the https protocol in order to use it across the whole Gmail service, so as to provide the best possible security for the information sent between the user’s browser and the company’s servers. During these months Google upgraded only the login page of Gmail to encrypt the user’s username and password, while also offering users the option to enable https if they wanted to. On the 12th of January Google announced through the official Gmail Blog that https will be the default option from now on for all users, and only if the user wishes so can he or she go back to the insecure http protocol.

Google has resolved several issues so far concerning the use of https in its services; there is still, though, an issue for users of offline Gmail. More information about the issue can be found here.

On the 12th of January an article was published on the Official Google Blog, titled “A new approach to China”, in which David Drummond, Corporate Development and Chief Legal Officer, states that Google is going to consider whether it will withdraw its presence from China due to hacking/phishing attacks targeting its systems. The purpose of the attacks was to access the Gmail accounts of users who are advocates of human rights in China. The attacks also targeted at least twenty other large companies from a wide range of businesses, including the Internet, finance, technology, media and chemical sectors. McAfee vice president of threat research, Dmitri Alperovitch, said while talking about the attacks that they totally change the threat model because of the unprecedented tactics used, which combined encryption, stealth programming and a previously unknown hole in Internet Explorer 6.

David Drummond states that Google will reconsider whether it will comply from now on with the Chinese laws that require certain restrictions on the results Google.cn returns and, as mentioned before, its presence in China, which would involve closing its offices in the country. The China Daily article titled “China seeks clarity on Google’s intentions” criticizes that move, raising concerns about the 700 employees the company has in Beijing while also questioning whether Google can be flexible enough to adapt to China instead of working in the US way, which is characterized as non-flexible.

Google’s move is thought to be significant, and many free-speech and human rights groups hope that many other companies will take a similar stand. So while Google gained the support of those groups, it is going to lose the $600 million (estimated by JP Morgan for this year) in revenue gained from the country and of course its presence in one of the fastest-developing countries in terms of Internet growth (the number of Internet users increased from 10 million to 340 million in a decade). One reason for Google’s move, though, may be that it is losing the search-market battle inside China to the domestic brand Baidu.

Throughout the presence of Google in China, there were several cases in which the government would block services outside the country, sometimes also blocking YouTube, which is based outside China. One case is described in this Guardian article, where the government blocked access to Google services, Gmail among them, in June 2009 so that the authorities could warn Google to scale back its search operations. The main reason the authorities gave for blocking Google was that it provided links to pornographic websites through its search engine.

A Washington Post article titled “Google vs. China” also connects the Google case with the Obama administration, which has been slow to embrace the cause of Internet freedom. The case is thought to be both a human rights issue and a trade issue, because Beijing makes it difficult for foreign companies to compete with domestic ones. Secretary of State Hillary Rodham Clinton also issued a statement on the 12th of January saying the Chinese government would be asked about the cyber-attacks reported by Google.